Sr. Manager, IT Internal Audit

Ready to make your next big professional move? Join us on our journey to achieve our big dream of building the most loved restaurant brands in the world.

Restaurant Brands International Inc. is one of the world's largest quick service restaurant companies with nearly $45 billion in annual system-wide sales and over 32,000 restaurants in more than 120 countries and territories.

RBI owns four of the world's most prominent and iconic quick service restaurant brands - TIM HORTONS, BURGER KING, POPEYES, and FIREHOUSE SUBS. These independently operated brands have been serving their respective guests, franchisees and communities for decades. Through its Restaurant Brands for Good framework, RBI is improving sustainable outcomes related to its food, the planet, and people and communities.

RBI is committed to growing the TIM HORTONS, BURGER KING, POPEYES and FIREHOUSE SUBS brands by leveraging their respective core values, employee and franchisee relationships, and long track records of community support. Each brand benefits from the global scale and shared best practices that come from ownership by Restaurant Brands International Inc.

Reporting to the VP, Internal Audit, the Senior Manager, IT Internal Audit is a hands-on IT audit practitioner and subject matter resource within RBI's Internal Audit function. The Senior Manager executes IT audit engagements across all four brands - performing IT operational and cybersecurity audits and data governance reviews - under the direction of the VP. The Senior Manager also contributes to RBI's audit analytics capability, building and maintaining data-driven testing procedures and supporting the continuous monitoring programs that underpin the broader Internal Audit program.

Key Responsibilities

• Apply IT audit subject matter expertise across engagements; serve as a technical resource to Internal Audit team members and co-source partners
• Support the SOX ITGC program by coordinating with co-source partners on scoping, reviewing testing workpapers, and tracking deficiencies through remediation
• Execute audits of change management, access management, SDLC, computer operations, and IT regulatory compliance across corporate and brand domains
• Build and maintain audit data pipelines, analytical models, and testing procedures (Python, SQL, Power BI) in support of the Director's continuous monitoring programs
• Advisor for cybersecurity, data governance, and privacy control assessments (NIST, PCI, CCPA)
• Support Optro GRC IT integration maintenance and data feed governance under the direction of the VP
• Contribute to analytics adoption across the Internal Audit function; develop reusable testing tools and support data infrastructure decisions in coordination with the VP
• Assist with IT risk assessments across brands and corporate in support of audit plan prioritization
• Support Internal Audit representation in cross-functional technology governance forums as directed
• Issue remediation tracking and closure; support special projects and VP advisory requests on technology risk matters

Competencies

• IT Audit Leadership: Demonstrated ability to execute IT audit engagements end-to-end across complex technology environments; translates audit objectives into well-documented, risk-rated findings
• SOX / ITGC Expertise: Deep, hands-on knowledge of IT general controls, SOX 404/302 IT support, and external auditor reliance strategies; experienced in deficiency assessment and Item 308(c) evaluation
• Cybersecurity & Data Risk: Fluent in information security audit, IAM, cloud security, and data governance risk; able to assess control design and maturity across diverse technology stacks
• Analytics & Automation: Skilled in designing and building data-driven audit programs using Python, SQL, and BI tools; able to automate testing and scale continuous monitoring coverage
• Stakeholder Influence: Adept at building trusted relationships with CIO, CISO, Legal, and Data Governance without direct authority; able to communicate technical risk to non-technical audiences
• Communication & Reporting: Skilled in producing polished, executive-ready audit reports and Audit Committee materials; able to translate technical findings into business-impact language and actionable recommendations
• Team & Co-source Management: Experienced in directing co-source partners and guiding junior audit staff with clarity and accountability; able to coordinate multi-party engagements across specialist and internal resources
• Intellectual Curiosity: Naturally drawn to emerging technology risks (AI/ML, cloud connectors, digital franchise platforms); able to translate evolving trends into timely adjustments to the audit program

Education & Certifications

• Bachelor's degree in Information Systems, Computer Science, Accounting, or related field
• CISA required; NIST CSF and PCI-DSS audit framework familiarity expected
• CIA, CPA, CISSP, CRISC, or CISM a plus

Experience

• 7+ years in IT audit, information security audit, or IT risk/compliance
• Meaningful IT SOX/ICFR experience at a public company, including ITGC coordination with co-source partners and Big 4 external auditors
• Experience contributing to an IT audit program in a co-source or influence model; able to work effectively alongside specialist and internal resources
• Hands-on experience with SAP environments and cloud data platforms (Snowflake, Azure, or AWS)
• Experience designing data analytics audit programs using Python or SQL across large, multi-source datasets
• Restaurant, retail, or franchise sector experience a plus; multi-brand or multi-geography experience preferred

Technical Skills

• Python and/or SQL for audit analytics and automation
• Optro GRC (AuditBoard) - IT integration configuration and workflow design
• SAP security and authorization concepts; Snowflake governance architecture
• Power BI or equivalent data visualization; Microsoft Office suite

Language

• English required; Spanish or French a plus

Benefits at all of our global offices are focused on physical, mental and financial wellness. We offer unique and progressive benefits, including a comprehensive global paid parental leave program that supports employees as they expand their families, free telemedicine and mental wellness support.

Restaurant Brands International and all of its affiliated companies (collectively, RBI) are equal opportunity and affirmative action employers that do not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or veteran status, or any other characteristic protected by local, state, provincial or federal laws, rules, or regulations. RBI's policy applies to all terms and conditions of employment. Accommodation is available for applicants with disabilities upon request.